http://www.tortall.net/mu/blog/2005/11/30/python_format_string_vulnerabilities_1Comments on Python format string vulnerabilities (1)2005-12-15T23:24:38ZMichael Urmanhttp://www.tortall.net/muRe: Python format string vulnerabilities (1)Joe Wreschnighttp://www.tortall.net/mu/blog/2005/11/30/python_format_string_vulnerabilities_1#comment-02005-11-30T19:23:38Z
Actually, there are two things called "format string vulnerabilities".
The first is trusting user input to be part of the format string itself,
the classic printf(input, ...). Python's not vulnerable to that because
you get a ValueError rather than stack corruption.

The second kind is not properly sanitizing input for things like
os.system("ls %s" % input), which is still a problem in any language.

You've discovered a third kind, which probably only languages like
Python are "vulnerable" to - I don't doubt someone could create memory
corruption though misuse of this, if Python had fewer sanity checks on
the C end.

]]>Re: Python format string vulnerabilities (1)Michael Urmanhttp://www.tortall.net/mu/blog/http://www.tortall.net/mu/blog/2005/11/30/python_format_string_vulnerabilities_1#comment-12005-11-30T19:23:38Z
The separation of format and print methods is more important to Python's
limited vulnerability to the first. If the base print had the formatting
built in, we'd see a lot more ValueErrors.
]]>